Subnet router anycast for FE80/10 ?

Subnet router anycast for FE80/10 ?

[Andreas Hofmeister]

Hi,

I noticed that once forwarding has been enabled on an interface, there 
is a "subnet router anycast address" for the link-local address prefix 
FE80/10.

This address seems not to be explicitly mentioned in any RFC, but RFC 
4291 says "All routers are required to support the Subnet-Router anycast 
addresses for the subnets to which they have interfaces."

In the sense that a Linux router actually has an address FE80/10 on each 
ipv6 enabled interface, it seems to be correct to also have FE80:: as an 
anycast address on all interfaces which have ipv6 and forwarding enabled.

But then, FE80/10 is not actually supposed to be routed at all and so a 
router cannot not really be a router for that particular subnet ?

Or is "FE80::" just supposed to be the anycast equivalent for the "all 
routers" multicast address ff02::2 ?

Maybe someone on this list could enlighten me.

Ciao
  Andi

Re: Subnet router anycast for FE80/10 ?

[David Lamparter]

On Mon, Oct 31, 2011 at 09:22:41PM +0100, Andreas Hofmeister wrote:
> I noticed that once forwarding has been enabled on an interface, there 
> is a "subnet router anycast address" for the link-local address prefix 
> FE80/10.

(Please note that it is fe80::/64 is used, not /10)

> This address seems not to be explicitly mentioned in any RFC, but RFC 
> 4291 says "All routers are required to support the Subnet-Router anycast 
> addresses for the subnets to which they have interfaces."

That this directly contradicts RFC 2526 which specifies the
subnet-router anycast address to be either ::ffff:ffff:ffff:ff80 or
::fcff:ffff:ffff:ff80 depending on the phase of the moon (well,
interface type actually, but same thing. Also, the /64 <> /10
distinction would matter here.)

For even more confusion, look at
http://www.iana.org/assignments/ipv6-anycast-addresses/ipv6-anycast-addresses.xml

but the only point why I'm mentioning this at all is that if someone
implemented this, they might've noticed the colliding specifications,
and there would be an Errata.

> In the sense that a Linux router actually has an address FE80/10 on each 
> ipv6 enabled interface, it seems to be correct to also have FE80:: as an 
> anycast address on all interfaces which have ipv6 and forwarding enabled.
> 
> But then, FE80/10 is not actually supposed to be routed at all and so a 
> router cannot not really be a router for that particular subnet ?

This question isn't really relevant, because...

> Or is "FE80::" just supposed to be the anycast equivalent for the "all 
> routers" multicast address ff02::2 ?

... it's actually fairly hard to implement this at all. The idea of
"Anycast" is that even if you have 1000 routers, only one router will
receive the packet. The network is supposed to magically take care of
that, but in reality this only works with Layer 3/IPv6 routing.

So, if you're /actually on/ the subnet yourself, the RFC
- either expects the ethernet switch to implement anycast (...)
- or implies the need for some anycast resolution protocol
  (which is possible of course, but there would first need to actually
  /be/ some such protocol; while some quick googling tells me such
  things exist, they certainly belong in the esoterics drawer).

... which turns this entire thing into a really bad joke.


I would recommend forgetting that these anycast addresses exist at all.
If you need to reach a local on-subnet router, just use ff02::2 and
randomly pick one that answers.


-David

Re: Subnet router anycast for FE80/10 ?

[David Stevens]

netdev-owner@vger.kernel.org wrote on 11/02/2011 08:38:09 AM:

> From: David Lamparter <equinox@diac24.net>

> > This address seems not to be explicitly mentioned in any RFC, but RFC 
> > 4291 says "All routers are required to support the Subnet-Router 
anycast 
> > addresses for the subnets to which they have interfaces."
> 
> That this directly contradicts RFC 2526 which specifies the
> subnet-router anycast address to be either ::ffff:ffff:ffff:ff80 or
> ::fcff:ffff:ffff:ff80 depending on the phase of the moon (well,
> interface type actually, but same thing. Also, the /64 <> /10
> distinction would matter here.)

        The subnet-router anycast address is defined in section 2.6.1 of 
RFC 4291
to be "all 0's" for the prefix. The definition above is for reserved 
anycast
addresses. RFC 2526 says "IPv6 defines a required Subnet-Router anycast 
address [3]
for all routers within a subnet prefix, and allows additional anycast 
addresses to
be taken from the unicast address space. This document defines an 
additional set
of reserved anycast addresses...".

> 
> ... it's actually fairly hard to implement this at all. The idea of
> "Anycast" is that even if you have 1000 routers, only one router will
> receive the packet. The network is supposed to magically take care of
> that, but in reality this only works with Layer 3/IPv6

        The host implementation is very straightforward. Not every host
on a segment has to use the *same* host for an anycast address (it's
kind of the point that it won't, in fact). A host simply needs to
do a solicitation for the anycast address and keep the first one that
answers (by definition, the "closest").

                                                                +-DLS

Re: Subnet router anycast for FE80/10 ?

[David Lamparter]

On Wed, Nov 02, 2011 at 10:52:57AM -0700, David Stevens wrote:
> > > This address seems not to be explicitly mentioned in any RFC, but RFC 
> > > 4291 says "All routers are required to support the Subnet-Router 
> anycast 
> > > addresses for the subnets to which they have interfaces."
> > 
> > That this directly contradicts RFC 2526 which specifies the
> > subnet-router anycast address to be either ::ffff:ffff:ffff:ff80 or
> > ::fcff:ffff:ffff:ff80 depending on the phase of the moon (well,
> > interface type actually, but same thing. Also, the /64 <> /10
> > distinction would matter here.)
>
>         The subnet-router anycast address is defined in section 2.6.1 of 
> RFC 4291 to be "all 0's" for the prefix. The definition above is for
> reserved anycast addresses. RFC 2526 says "IPv6 defines a required
> Subnet-Router anycast address [3] for all routers within a subnet prefix,
> and allows additional anycast addresses to be taken from the unicast
> address space. This document defines an additional set of reserved
> anycast addresses...".

Argh. I got thoroughly confused. Please ignore everything I said.

> > [...] only one router will receive the packet [...]
> 
>         The host implementation is very straightforward. Not every host
> on a segment has to use the *same* host for an anycast address (it's
> kind of the point that it won't, in fact). A host simply needs to
> do a solicitation for the anycast address and keep the first one that
> answers (by definition, the "closest").

Right. Sorry. I was half-asleep when I wrote my previous mail and
clearly didn't think through the entire problem. I should probably stop
writing mails when not at least 80% awake :).

Neighbor Discovery can indeed select one of the anycast hosts and talk
to it using its lower-layer address, and no other host should
receive/process the packet.

Going back to Andreas's original question about Subnet-Router Anycast
for fe80::/64 (or /10), RFC 4291 says
   +------------------------------------------------+----------------+
   |                   subnet prefix                | 00000000000000 |
   +------------------------------------------------+----------------+

   The "subnet prefix" in an anycast address is the prefix that
   identifies a specific link.

But fe80::/64 does not identify a specific link, as it is link-local and
would specify all links but not one specifically. So, fe80:: is not a
Subnet-Router anycast address, I'd say.


Hoping I was awake enough this time...


-David

Re: Subnet router anycast for FE80/10 ?

[David Stevens]

netdev-owner@vger.kernel.org wrote on 11/02/2011 02:53:59 PM:

> From: David Lamparter <equinox@diac24.net>

> Going back to Andreas's original question about Subnet-Router Anycast
> for fe80::/64 (or /10), RFC 4291 says
>    +------------------------------------------------+----------------+
>    |                   subnet prefix                | 00000000000000 |
>    +------------------------------------------------+----------------+
> 
>    The "subnet prefix" in an anycast address is the prefix that
>    identifies a specific link.
> 
> But fe80::/64 does not identify a specific link, as it is link-local and
> would specify all links but not one specifically. So, fe80:: is not a
> Subnet-Router anycast address, I'd say.

fe80:: is in fact a subnet-router anycast address because it's a valid
prefix with all-0's host part. Adding it, as linux does,  simply means
a host can use "fe80::" to get an answer from any router on a particular
link. That might be useful, e.g., if a host wants routing protocol 
information
from a directly attached router.

It isn't unique on a host, but all LL addresses require a scope_id to
identify an interface, anyway, so there is no ambiguity. Any multihomed
v6 host will have multiple fe80/10 routes -- one for each interface--
too, used for receiving packets. Those routes and those anycast addresses
only matter for input processing, as is true for all LL addresses.

So, there's no particular reason I see to treat LL as a special case and
exclude them. I haven't seen any RFC wording that forbids it, though the
implementation predates RFC4291.

You certainly don't have to use them in any application if you don't like 
it. :-)

                                                                +-DLS

Re: Subnet router anycast for FE80/10 ?

[David Stevens]

netdev-owner@vger.kernel.org wrote on 10/31/2011 01:22:41 PM:

> But then, FE80/10 is not actually supposed to be routed at all and so a 
> router cannot not really be a router for that particular subnet ?
> 
> Or is "FE80::" just supposed to be the anycast equivalent for the "all 
> routers" multicast address ff02::2 ?
> 
> Maybe someone on this list could enlighten me.

I think it's just a matter of not making an exception for LL addresses.
Forwarding is for the interface, not for individual prefixes.
If forwarding is enabled on the interface, anycast addresses for all
its prefixes are added.

It could be used to send to "any router" on a subnet, of course.

                                                        +-DLS